From 5dc807487f7c356967269def7e3f39a64fbb143b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sat, 11 Nov 2023 06:26:18 -0500
Subject: [PATCH] Pass secrets from the host down to internal podman containers

This change will allow RHEL subscriptions from the host to flow to internal containers.

Fixes: https://github.com/containers/common/issues/1735

Signed-off-by: Daniel J Walsh
---
 contrib/podmanimage/stable/Containerfile | 3 +++
 contrib/podmanimage/testing/Containerfile | 3 +++
 contrib/podmanimage/upstream/Containerfile | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/contrib/podmanimage/stable/Containerfile b/contrib/podmanimage/stable/Containerfile
index eef7792561..fa776ead17 100644
--- a/contrib/podmanimage/stable/Containerfile
+++ b/contrib/podmanimage/stable/Containerfile
@@ -41,6 +41,9 @@ RUN sed -e 's|^#mount_program|mount_program|g' \
 /usr/share/containers/storage.conf \
 > /etc/containers/storage.conf
 
+# Setup internal Podman to pass subscriptions down from host to internal container
+RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf
+
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers
diff --git a/contrib/podmanimage/testing/Containerfile b/contrib/podmanimage/testing/Containerfile
index 14b141a330..da9f740203 100644
--- a/contrib/podmanimage/testing/Containerfile
+++ b/contrib/podmanimage/testing/Containerfile
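Review bot: The comment added above `RUN printf … > /etc/containers/mounts.conf` in contrib/podmanimage/stable/Containerfile does not say that the two mappings apply to every container the inner Podman runs or builds, so whatever the outer container holds under /run/secrets/etc-pki-entitlement and /run/secrets/rhsm becomes readable by any image started inside it, not only by RHEL builds. I would spell that out next to the RUN line, e.g. `# NOTE: mounts.conf applies to all containers started by the inner Podman; host subscription material under /run/secrets is exposed to each of them.` The same applies to the identical hunks in testing/Containerfile and upstream/Containerfile, whose comment reads "secrets/subscriptions" where this one reads "subscriptions"; one wording across the three files would be easier to search for. The `>` redirect also replaces any existing /etc/containers/mounts.conf, and whether the base image ships one is not visible in the hunk, so that is worth confirming.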
@@ -40,6 +40,9 @@ RUN sed -e 's|^#mount_program|mount_program|g' \
 /usr/share/containers/storage.conf \
 > /etc/containers/storage.conf
 
+# Setup internal Podman to pass secrets/subscriptions down from host to internal container
+RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf
+
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers
diff --git a/contrib/podmanimage/upstream/Containerfile b/contrib/podmanimage/upstream/Containerfile
index 6490d242f0..d5ddef106e 100644
--- a/contrib/podmanimage/upstream/Containerfile
+++ b/contrib/podmanimage/upstream/Containerfile
@@ -47,6 +47,9 @@ RUN sed -e 's|^#mount_program|mount_program|g' \
 /usr/share/containers/storage.conf \
 > /etc/containers/storage.conf
 
+# Setup internal Podman to pass secrets/subscriptions down from host to internal container
+RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf
+
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers